REMARKS 



Claims 1 1 1-1 16 are copied substantially verbatim from U.S. Patent Application No. 
09/948,806, Publication No. 2002/0048369, published April 25, 2002, for Ginter et al. 
(hereinafter "Ginter Appl. '806"). Added claims 1 1 1, 1 12, 1 13, 1 14, 1 15, and 116 correspond 
to Ginter Appl. '806 claims 1, 2, 3, 4, 7, and 8, respectively. 

Claims 1 17-144 are copied substantially verbatim from U.S. Patent Application No. 
09/764,370, Publication No. 2002/01 12171, published August 15, 2002, for Ginter et al. 
(hereinafter "Ginter Appl '370"). Added claims 1 17-144 correspond to Ginter Appl. '370 
claims 1, 13-16, 36-37, 45, 49, 55, 58, 60, 64-67, 70-76, 79-81, and 89-90. A one-to-one 
correspondence between the added claims and the Ginter Appl. '370 claims is shown in Table 
1 below. 
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Table 1 



In accordance with 37 C.F.R. § 1.604, the copied claims may be specifically applied to 
Applicants' disclosure as follows: 
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Copied Claim From InterTrust 
Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0048369 Al) 


Applicants' Disclosure In 
Appl. No. 09/321^86 

(MDNA1.C2.US) 
(M-15081US) 


1 1 1 . A rights management appliance 
including: 


Applicants disclose a data processor (i.e., 

an appliance) to be used for managing 
data objects (i.e., for rights management). 
(p.8, 1.25-p.9, 1.9; p. 17, 11.1-12). 


a user input device, 


Applicants disclose a keyboard (i.e., a user 
input device), (p.9, 1.1; FIG.2). 


a user display device, 


Applicants disclose a display (i.e., a user 
display device), (p.9, 1.1; FIG.2). 


at least one processor, and 


Applicants disclose a data processor 
including a CPU (i.e., a processor), (p.8, 
11.29-30). 


at least one element defining a protected 
processing environment, 


• Applicants disclose a user program 
including a decryption module and 
one or more security modules (i.e., at 
least one element) operably coupled 
to a user's data processor, (p. 17, 

11. 1 5-20). If the proper format and 
security modules are not available for 
a particular data object, usage is not 
permitted (i.e., a protected processing 
environment), (p. 18, 11.3-5). 

• The user program can have code 
which controls use of the program by 
password, (p.18, 11.13-14). 

• The data object is never stored in 
native format in user accessible 
storage, (p. 18, 11.22-24). 

• Applicants disclose that the data 
provider's data processor is 
considered secure, (p.9, 11.8-9). 
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characterized in that the protected 
processing environment stores and uses 
permissions, methods, keys, programs 
and/or other information to 
electronically manage rights. 



Applicants disclose that a user/data 
provider's data processor utilizes control 
data, security modules including keys, 
decryption modules, and programs (i.e., 
permissions, methods, keys, programs, 
and/or other information) to control the 
usage of a data object (i.e., electronically 
manages rights), (p. 17, 11.15-20; p.21, 
1.17-p.22,1.12) 
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Copied Claim From InterTrust 
Published Patent Application 

fGinter et al.« Pub. No. 
US 2002/0048369 Al) 


Applicants' Disclosure In 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


112. In a rights management appliance 

including* 


See Claim 1 1 1 above. 


a user innut device 


Claim 111 above 


a user display device, 


See Claim 1 1 1 above. 


at least one processor, and 


See Claim 111 above. 


at least one element defining a protected 
processing environment, 


See Claim 111 above. 


a method of operating the appliance 
characterized by the step of storing and 
using permissions, methods, keys, 
programs and/or other information to 
electronically manage rights. 


See Claim 1 1 1 above. 
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Cooied Claim From InterTrust 
Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0048369 Al) 


ADDlicants' Disclosure In 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


113. A rights management appliance 
including at least one processor element at 
least in part defining a protected 
processing environment, characterized in 
that the protected processing environment 
stores and uses permissions, methods, 
keys, programs and/or other information to 
electronically manage rights. 


See Claim 1 1 1 above. 
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Copied Claim From InterTrust 
Published Patent Application 

(Ginter et aL, Pub. No. 
US 2002/0048369 Al) 


Applicants' Disclosure In 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


114. In a rights management appliance 
including at least one processor element at 
least in part defining a protected 
processing environment, a method 
comprising storing and using permissions, 
methods, keys, programs and/or other 
information to electronically manage 
rights. 


See Claim 1 1 1 above. 
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Copied Claim From InterTrust 
Published Patent Application 

(Ginter et ah, Pub. No, 
US 2002/0048369 Al) 



Applicants' Disclosure In 
AppL No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 



115. An electronic appliance arrangement 
containing a protected processing 
environment and at least one secure 
database operatively connected to said 
protected processing environment, said 
arrangement including means to monitor 
usage of at least one aspect of an amount 
of appliance usage and control said usage 
based at least in part upon protected 
appliance usage control information 
processed at least in part through use of 
said protected processing environment. 



See Claim 1 1 1 above. 

Applicants disclose at least a database 
20 for control data, (p.9, 11.6-7). 

Applicants further disclose that a 
security module may implement an 
authorization process, according to 
which each usage of the data object 
requires a dial up to the data processor 
of the data object provider, (p. 22, 11.1- 
12;p.23,1.29-p.24, 1.2). 



• Applicants disclose the "control data 
structure can include control elements 
for complex user types, usage types . . 
. ." (i.e., appliance usage). "Security 
modules could require a dial up to the 
brokers data processor to approve 
loading or usage actions . . . ." (p.25, 
11.8-13). 
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Copied Claim From InterTrust 
Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0048369 Al) 



116. In an electronic appliance 
arrangement containing a protected 
processing environment and at least one 
secure database operatively connected to 
said protected processing environment, a 
method characterized by the steps of 
monitoring usage of at least one aspect of 
appliance usage and controlling said usage 
based at least in part upon protected 
appliance usage control information 
processed at least in part through use of 
said protected processing environment. 



Applicants' Disclosure In 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 



See Claim 115 above. 



-20- 



SerialNo. 09/321,386 



Copied Claim From InterTrust 
Published Patent Application 

(Ginter et ah, Pub. No. 
US 2002/0112171 Al) 


Applicants' Disclosure in 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


1 17. A secure component-based operating 
process including: 


Applicants disclose the handling of 

composite data objects (e.g., software) 
(i.e., component-based processes), (p.24, 
Lll-p.25,1.3). 


(a) retrieving at least one component; 


• Applicants disclose the use or 
formation of composite objects 
comprising constituent objects (i.e., 
one component), (p.24, 11.12-14). 

• Furthermore, Applicants disclose buy 
and sell order packages (i.e., at least 
one component) are received by a 
stock trading data processor (pp.26- 
27). 


(b) retrieving a record that specifies a 
component assembly; 


• Applicants disclose utilizing a control 
data format with control elements 
defining relationships between 
constituent objects and defining a 
parent/child element (i.e., a record that 
specifies component assembly), (p.24, 
11.12-14). 

• Furthermore, Applicants disclose the 
buy and sell order packages each 
include control data for a match (i.e., a 
record that specifies component 
assembly). 
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(c) checking said component and/or said 
record for validity; 


• Applicants disclose that a general set 
of control data comprises a security 
control element which defines a 
security procedure which has to be 
carried out before usage of a data 
object, (p.4, 11.17-19). 

• The "security" disclosed by 
Applicants relates generally to 
"encryption" methods and 
"authorization" algorithms (e.g.. RSA 
and key methods) (i.e., checking said 
component and/or said record for 
validity), (p.21, 11.17-31). 


(d) using said component to form said 
component assembly in accordance 
with said record; and 


• Applicants disclose combining data 
objects to create a new data object 
created with control data linking the 
constituent data objects (i.e., using 
said component to form said 
component assembly), (p.24, 11.27- 
30). 

• Applicants disclose a broker who can 
include a video (i.e., a component) and 
text book (i.e., a component) in an 
educational package (i.e., assembly). 
(p.24, 11.11-31). 

• Furthermore, Applicants disclose a 
match between the buy and sell order 
packages results in a transfer of digital 
money with repackaged and updated 
data packages (i.e., component 
assembly), (p.26, 1.29-p.27, 1.2). 
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(e) performing a process based at least in 
part on said component assembly. 



Applicants disclose that a general set 
of control data is created for a 
composite data object that can be 
distributed by a broker to a user. 
(p.24, 11.11-31). 

Applicants disclose enabling data 
object usage and limiting the number 
of usages based upon control data 
(i.e., performing a process based at 
least in part on said component 
assembly), (p. 19, 11.26-30). 

Furthermore, Applicants disclose the 
new data packages after a match are 
transferred back to the seller and 
buyer data processors (i.e., performing 
a process), (pp.26-27) 
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Published Patent Application 

fGinter et al.. Pub. No. 
US 2002/0112171 Al) 


Annlirants' Disclosure in 

Appl. No. 09/321,386 

fMDNAl.C2.US~i 
(M-15081US) 


118. A secure component operating 
system process including: 


See Claim 117 above. 


receiving a comnonent: 


See Claim 1 1 7 (a) above 


receiving directions specifying use of said 
comoonent to form a comoonent 

wiii l/x«'ii%^ii v vv/ ix^i 11 1 iii i^/ v^nwn t 

assembly; 


See Claim 1 17(b) above. 


authenticating said received component 
and/or said directions: 


See Claim 1 17(c) above. 


forming, using said component, said 
component assembly based at least in 
part on said received directions; and 


See Claim 1 17(d) above. 


using said component assembly to perform 
at least one operation. 


See Claim 1 17(e) above. 



-24- 



SerialNo. 09/321,386 



Cooied Claim From InterTrust 
Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0112171 Al) 


AoDlicants' Disclosure in 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


119. A method comprising performing the 
following steps within a secure operating 
system environment: 


Applicants disclose that the user's data 
processor is a secure processor (p.9, 11.8-9) 

requiring certain security modules for 
usage of the data object (i.e., a secure 
operating system environment, (p. 18, 11.3- 
5). 


* 

providing code; 


Applicants disclose providing of a data 
object, which can include software (i.e., 
code), (p. 2, 1.3). 


providing directions specifying assembly 
of said code into an executable program; 


.See Claim 1 17(b) above. 


checking said received code and/or said 
assembly directions for validity; and 


See Claim 1 17(c) above. 


in response to occurrence of an event, 
assembling said code in accordance with 
said received assembly directions to form 
an assembly for execution. 


• Applicants disclose that in response to 
an authorization to use (i.e., an event), 
a user may access a data object, (p.5, 
11.25-30; p. 19, 11.20-25). 

• A data object may include composite 
data objects. Constituent data objects 
may be combined to create a 
composite data object (i.e., an 
assembly) for some particular use, 
created with control data linking the 
constituent data objects (i.e., 
assembling said code in accordance 
with received assembly instructions). 
(p.24, 11.27-30). 
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* 




Copied Claim From InterTrust 
Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0112171 Al) 



120. A method for managing at least one 
resource with a secure operating 
environment, said method comprising: 



securely receiving a first control from a 
first entity external to said operating 
environment; 



securely receiving a second control from a 
second entity external to said operating 
environment, said second entity being 
different from said first entity; 



Applicants 9 Disclosure in 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 



Applicants disclose management of 
data objects for distribution by an 
author, broker, or user (i.e., a 
resource), (p.l, 11.14-16; p.8, 11.26-29; 
p.14, 11.25-30). 

Applicants disclose a secure operating 
environment. See Claim 1 19 above. 



Applicants disclose usage conditions 
with a data object (i.e., a first control) 
from an author (i.e., a first entity) may 
be sent to a broker's data processor 
(i.e., operating environment), (p.8, 
11.9-17). 

Applicants disclose buy and sell order 
with control data are received by a 
stock trading data processor, (pp.26- 
27). 



Applicants disclose a broker may 
repackage a received data object and 
add further control data (i.e., a second 
control) which is relevant to his 
business activities, (p.8, 11.9-17). 

Applicants further disclose a broker 
may combine constituent data objects 
into a composite data object for 
distribution, (p.24, 11.1 1-24). 

Thus, it is at least inherent that a 
second data object with a second set of 
control data from a different author 
than the first could be sent to a 
broker's data processor. 

Applicants disclose the buy and sell 
control data are sent from two 
different entities, (pp.26-27). 
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securely processing, using at least one 
resource, a data item associated with said 
first and second controls; and 


• Applicants disclose a broker including 
a video data object and a text book 
data object in an educational package 
(i.e., a data item), (p. 24, 11.12-19). 

• See Claim 1 17(e) above. 

• Applicants further disclose that the 
buy and sell order control data are 
used in conjunction to transfer digital 
money (i.e., a data item), (pp.26-27). 


securely applying said first and second 
controls to manage said resource for use 
with said data item. 


Applicants disclose a broker adding 
program procedures to program modules 
to process the control elements of 
constituent objects, (p.24, 11.12-19). 



27- 



SerialNo. 09/321,386 



LAW OFFICES OF 
MACPHERSON KWOK 
CHEN A HE1D IJ.r 

2402 MICHELSON DRIVE 
SUITE 210 
IRVINE, CA 92612 

(949) 752-7040 
FAX (949) 752-7049 



# 




fonied Claim FVom InterTrust 
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Published Patent Application 

(Ginter et ah, Pub. No. 
US 2002/0112171 Al) 


Annlicants' Disclosure in 
Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


121. A method for securely managing at 
least one operation on a data item 
performed at least in part by an electronic 
arrangement, said method comprising: 


Applicants disclose management of data 
objects (i.e., data items) for distribution by 
a broker, agent, or user (i.e., by an 
electronic arrangement - agreements 
between participants in a commercial 
value chain and/or a data security chain 
model for handling, auditing, reporting, 
and payment), (p.l, 11.14-16; p.8, 11.26-29; 
p.14, 11.25-30). 


(a) securely delivering a first procedure to 
said electronic arrangement; 


Applicants disclose usage conditions (i.e., 
a first procedure) from an author may be 
sent to a broker's data processor with a 
data object (p.8, 11.9-17). 
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(b) securely delivering, to said electronic 
arrangement, a second procedure separable 
or separate from said first procedure; 



Applicants disclose a broker may 
repackage a received data object and 
add further control data (i.e., a second 
procedure) which is relevant to his 
business activities, (p.8, 11.9-17). 

Applicants further disclose a broker 
may combine constituent data objects 
with constituent control data into a 
composite data object for distribution. 
Each constituent data object retains its 
original control data which continues 
to control its subsequent usage, (p.24, 
11.11-31). 

Thus, it is at least inherent that a 
second data object with a second set of 
control data (i.e., a second procedure) 
may be delivered to a broker's data 
processor. 

Furthermore, Applicants disclose that 
a user requests authorization (i.e., a 
second procedure) to use a data object. 
(p.5, 11.25-30; p.19, 1L8-12). 

Applicants further disclose two 
different sets of control data (buy and 
sell orders) are sent to a stock trading 
data processor, (pp.26-27). 
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(c) performing at least one operation on 
said data item, including using said first 
and second procedures in combination to 
at least in part securely manage said 
operation; and 



(d) securely conditioning at least one 
aspect of use of said data item based on 
said delivering steps (a) and (b) having 
occurred. 



Applicants disclose enabling data 
object usage and limiting the number 
of usages based upon control data, 
(p. 19, 11.26-30). 

Applicants further disclose that a 
usage manager module compares the 
user request for usage with the 
corresponding control data (i.e., using 
said first and second procedures in 
combination). If the requested usage 
is not permitted in the control data, the 
requested usage is disabled, (p. 19, 
11.20-25). 

See Claims 1 17(e) and 120 above. 

Applicants further disclose that the 
buy and sell order control data are 
used in conjunction to transfer digital 
money (i.e., a data item), (pp.26-27). 



It is inherent that if a user does not 
request usage, no use of the data 
object will occur. 

Applicants also disclose an automated 
transaction negotiation in which 
digital money is not transferred 
without a matching of a delivered sell 
order and a delivered buy order. 
(pp.26-27). 



-30- 



SerialNo. 09/321,386 



LAW OFFICES OF 
MACPHERSON KWOK 
CHEN & II KID li.P 

2402 MICHELSON DRIVE 
SUITE 210 
IRVINE, CA 92612 

(949) 732-7040 
FAX (949) 732-7049 



C^onied Claim Krom InterTVust 

Published Patent Application 

(Ginter et al., Pub. No. 
US 2002/0112171 Al) 


Annlicants' Disclosure in 

Appl. No. 09/321,386 

(MDNA1.C2.US) 
(M-15081US) 


122. A method for securely managing at 
least one operation performed at least in 
part by a secure electronic appliance, 
comprising: 


Applicants disclose management of data 
objects using data processors including 
security modules (i.e.. a secure electronic 
appliance), (p.8, 1.25-p.9, 1.9). 


(a) selecting an item that is protected with 
respect to at least one operation: 


See Claim 121(c) above. 


(b) securely independently delivering 
plural separate procedures to said 
electronic appliance; 


See Claim 121(a) and 121(b) above. 


(c) using said plural separate procedures 
in combination to at least in part securely 
manage said operation with respect to said 
selected item; and 


See Claims 1 17(e) and 121(c) above. 


(d) conditioning successful completion of 
said operation on said delivering step (b) 
having occurred. 


See Claim 121(d) above. 
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123. A method for orocessine based on 
independent deliverables comprising: 


See Claim 117 above. 

%^ «^ ^^j^ A 44 A A A A A A # V% T V • 


securely delivering a first piece of code 
defining a first oart of a nrocessi 


See Claims 120 and 121(a) above. 


separately, securely delivering a second 
niece of code defining a second part of 

A^ A V V ^L. W V nA A A AAA A H A A A^ tmA v ™-. A. 

said process; 


See Claims 120 and 121(b) above. 


ensuring the integrity of the first and 
second delivered pieces of code; and 


See Claim 1 17(c) above. 


performing said process based at least in 
part on said first and second delivered 
code pieces. 


See Claims 1 17(e) and 120 above. 
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124. A method of securely controlling at 
least one protected oneration with resnect 
to a data item comprising: 


See Claim 121(c) above. 


(a) supplying at least a first control from a 
first party: 


See Claims 120 and 121(a) above. 


(b) supplying at least a second control 
from a second party different from said 
first party; 


See Claims 120 and 121(b) above. 


( c) securelv combining said first and 
second controls to form a set of controls; 


See Claims 1 I7(d\ 1 17(e\ and 120 above. 


(d) securely associating said control set 
with said data item; and 


See Claim 1 1 7(d) and 1 1 7(e) above. 


(e) securely controlling at least one 
protected operation with respect to said 
data item based on said control set. 


See Claims 120 and 121(c) above. 
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125. A secure method for combining data 
items into a composite data item 

comnrisint? * 


Applicants disclose the handling of 
composite data objects including 

constituent data obiects fn 24 11 1 1-24^ 


(a) securely providing a first data item 
having at least a first control associated 

therewith* 


See Claims 1 17(a), 120, and 121(a) above. 


(b) securely providing a second data item 

having at least a second control associated 

therewith; 


See Claims 120 and 121(b) above. 


(c) forming a composite of said first and 
second data items* 


See Claim 1 17(d) above. 


(d) securely combining said first and 
second controls into a composite control 
set; and 


See Claim 1 1 7(e) above. 


(e) performing at least one operation on 
said composite of said first and second 
data items based at least in part on said 
composite control set. 


See Claim 1 17(e) above. 
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126. A secure method for controlling a 

protected operation comprising: 


See Claim 121 above. 


(a) delivering at least a first control and a 
second control; and 


See Claims 120, 121(a), and 121(b) above. 


(b) controlling at least one protected 
operation based at least in part on a 
combination of said first and second 
controls, including at least one of the 
following steps: 


See Claim 121(c) above. 


resolving at least one conflict between said 
first and second controls based on a 
predefined order, 


• Applicants disclose matching and non- 
matching between two sets of buy and 
sell control data (i.e., resolving 
conflict based on a predefined order), 
(pp. 26-27). 

• Applicants disclose a composite object 
can be handled by defining a control 
data format with control elements 
defining relationships between 
constituent objects and by defining a 
parent/child element, (p.24, 11.12-14). 

• It is also at least inherent in the 
formation of composite objects that 
conflicts between the control data of 
the constituent objects will be resolved 
based on a predefined order. 


providing an interaction with a user to 
form said combination; and 


Applicants disclose a user can combine 
data objects for some particular purpose. 
(p.24, 11.27-31). See also Claim 117(d) 
above. 


dynamically negotiating between said first 
and second controls. 


Applicants disclose an automated 
transaction negotiation method between 
two sets of control data, (pp.26-27). 
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127. A secure method comprising: 


Applicants disclose a secure method. 


selecting protected data; 


• Applicants disclose data objects 
protected in a package. (p.9 5 11.12-14). 

• Furthermore, Applicants disclose 
digital money (i.e., protected data) in a 
buy and sell negotiation, (pp.26-27). 


extracting said protected data from an 
object; 


• Applicants disclose a user extracting 
protected data from a data package, 
(p. 19, 11.20-28). 

• Furthermore, Applicants disclose that 
the user program executes a 
transaction whereby the digital money 
(i.e., protected data) is extracted from 
the buy order data package and 
transferred to the sell order package. 
(p.26, 1.29-p.27, 1.2). 


identifying at least one control to manage 
at least one aspect of use of said extracted 
data; 


• Applicants disclose control data 
associated with a constituent data 
object and control data associated with 
a composite data object, (p.24, 11.20- 
31; FIG. 17). 

• Furthermore, Applicants disclose the 
control data of the sell order data 
package (i.e., at least one control) is 
updated after the matching of buy and 
sell orders and transfer of digital 
money (i.e., extracted data), (pp.26- 
27). 
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placing said extracted data into a further 
object; and 


• Applicants disclose creating a parent 
object with constituent objects and 
combining data objects, (p.24, 11.12- 
31). 

• Furthermore, Applicants disclose 
transfer of digital money to the sell 
order package (i.e., a further object). 
(pp.26-27). 


associating said at least one control with 
said further object. 


• Applicants disclose control data 
associated with a constituent data 
object and control data associated with 
a composite data object, (p.24, 11.20- 
31; FIG. 17). 

• Control elements may define 
relationships between constituent 
objects and a parent/child relationship. 
(p.24, 11.12-14). 

• Furthermore, Applicants disclose the 
control data of the sell order data 
package (i.e., at least one control) is 
updated after the matching of buy and 
sell orders and transfer of digital 
money (i.e., extracted data), (pp.26- 
27). 
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128. A secure method of modifying a 
Drotected obiect comprising: 


Applicants disclose combining data 
obiects to create a new data obiect ("i.e.. a 

protected object is modified), (p.24, 11.27- 
31). 


(a) providing a protected object; and 


Applicants disclose protected data objects. 


(b) embedding at least one additional 
element into said protected object without 
unprotecting said object. 


Applicants disclose combining data 
objects to form a new data object (i.e., 
embedding an element into the protected 
object) with control data linking the 
constituent data objects. Each constituent 
data object retains its original control data 
which continues to control its subsequent 
usage, (p.24, 11.12-31). 
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129. A method for managing at least one 
resource with a secure operating 
environment, said method comprising: 


See Claim 120 above. 


securely receiving a first load module from 
a first entity external to said operating 
environment; 


• See Claim 120 above. 

• A "load module" is equivalent to a 
"control". 


securely receiving a second load module 
from a second entity external to said 
operating environment, said second entity 
being different from said first entity; 


• See Claim 120 above. 

• A "load module" is equivalent to a 
"control". 


securely processing, using at least one 
resource, a data item associated with said 
first and second load modules; and 


• See Claim 120 above. 

• A "load module" is equivalent to a 
"control". 


securely applying said first and second 
load modules to manage said resource for 
use with said data item. 


• See Claim 120 above. 

• A "load module" is equivalent to a 
"control". 



-39- 



SerialNo. 09/321,386 



LAW OFFICES OF 
MACP1IER50N KWOK 
CHEN & HE1D U P 

2402 M1CHELSON DRIVE 
SUITE 210 
IRVINE, CA 92612 

(949) 732-7040 
FAX (949) 752-7049 



Conied Claim From InterTrust 

\# M \M ^^1I41U1 -M. M. will 111IV1 A M. \M. U %r 

Published Patent Application 

fGinter et al.. Pub. No. 
US 2002/0112171 Al) 


AoDlicants' Disclosure in 
Appl. No. 09/321,386 

(MDNA1.C2.US) 

(M-15081US) 


130. A method for negotiating electronic 
contracts, comprising: 


Applicants disclose an automated 
transaction negotiation, (pp.26-27). 


receiving a first control set from a remote 
site; 


Applicants disclose a seller/buyer that 
creates control data, e.g. kind of stock, 
price, quantity (i.e., a first control set) on 
the seller's/buyer's data processor (i.e., a 
remote site) to participate in a negotiation. 
The rules or conditions for buying and 
selling stocks are indicated in the control 
data. (p.26). 


providing a second control set; 


Applicants disclose a buyer's/seller's 
control data (i.e., a second control set). 


performing, within a protected processing 
environment, an electronic negotiation 
between said first control set and said 
second control set, including providing 
interaction between said first and second 
control sets; and 


• Applicants disclose performing 
automated negotiations at the data 
processor of the stock trading 
company (i.e., a protected processing 
environment), (p.27, 11.3-4). 

• Applicants disclose that the control 
data of the sell (i.e., first control set) 
and buy (i.e., second control set) order 
packages are examined and matched 
(i.e., providing interaction between 
said first and second control sets) by 
the user program of the stock trading 
company, (p.26, 11.27-29). 


producing a negotiated control set 
resulting from said interaction between 
said first and second control sets. 


Applicants disclose that the user program 
executes a transaction, whereby digital 
money is extracted from the buy order 
data package and transferred to the sell 
order package. Then the control data of 
the sell order data package is updated (i.e., 
producing a negotiated control set) after 
the matching of buy and sell orders (i.e., 
as a result of an interaction between the 
first control set and the second control 
set), (p.26, 1.29-p.27, 1.2). 
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131. A system for supporting electronic 
commerce including: 


Applicants disclose an electronic system 
for supporting a broker-user business 
relationship (i.e., electronic commerce), 
(p. 14, 11.26-29). 


means for creating a first secure control set 
at a first location; 


• Applicants disclose a data provider 
(e.g., an author) may secure control 
data with a data object on the data 
provider's data processor (i.e., first 
location) including a data packaging 
program (i.e., means for creating a 
first secure control sef). fo. 11. 1.21- 
p. 12, 1.22). 

• See also Claims 130 above and 132 
below. 


means for creating a second secure control 
set at a second location; 


• Applicants disclose a broker may 
repackage a received data package and 
add further control data (i.e., a second 
secure control set) which is relevant to 
his business activities with a data 
packaging program on the broker's 
data processor (i.e., means at a second 
location! (v 8 11 9-16* d 8 125-dIO 
1.14). 

• See a/w Claims 130 above and 132 
below. 


means for securely communicating said 
first secure control set from said first 
location to said second location; and 


• Applicants disclose an author may 
provide a data object in a secure 
package from the author's data 
processor (i.e., first location) including 
network and telecommunications 
programs (i.e., means for 
communicating) to a broker's data 
processor (i.e.. second location) . (d.8 
11.9-16; p.8, 1.25-p.9, 1.9). 

• See also Claims 130 above and 132 
below. 
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means at said second location for securely 
integrating said first and second control 
sets to produce at least a third control set 
comprising plural elements together 
comprising an electronic value chain 
extended agreement. 



• Applicants disclose a broker may 
create a parent composite object with 
control elements referring to 
constituent objects (i.e., first and 
second control sets) and the parent 
object (i.e., a third control set), (p.24, 
11.11-26; FIG. 17). 

• See also Claims 130 above and 132 
below. 
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132. A system for supporting electronic 
commerce including: 


See Claim 131 above. 


means for creating a first secure control set 
at a first location; 


Applicants disclose a buyer that creates 
control data, e.g. kind of stock, price, 
quantity (i.e., a first secure control set) on 
the buyer's data processor (i.e., a first 
location), (p.26). 


means for creating a second secure control 
set at a second location; 


Applicants disclose a seller that creates 

X X 

control data, e.g. kind of stock, price, 
quantity (i.e., a second secure control set) 
on the seller's data processor (i.e., a 
second location), (p.26). 


means for securely communicating said 
first secure control set from said first 
location to said second location; and 


• Applicants disclose a buyer's control 
data being sent to a stock trading 
company (p.26). It is inherent that a 
buyer's control data could be sent to a 
seller's data processor or vice versa. 

• Also, Applicants disclose an author 
may provide a data object in a secure 
package from the author's data 
processor (i.e., first location) including 
network and telecommunications 
programs (i.e., means for 
communicating) to a broker's data 
processor (i.e., second location), (p.8, 
11.9-16; p.8, 1.25-p.9, 1.9). 


negotiation means at said second location 
for negotiating an electronic contract 
through secure execution of at least a 
portion of said first and second secure 
control sets. 


• Applicants disclose performing 
automated negotiations at the data 
processor of the stock trading 
company, (p.27, 11.3-4). Upon 
identifying matched buy and sell 
orders, the user program executes a 
transaction, (p.26, 11.29-30). 

• Thus, it is at least inherent that 
negotiations can occur at the seller's 
data processor. 
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133. A secure component-based operating 
system including: 


See Claim 1 1 7 above. 


component retrieving means for retrieving 
at least one component; 


• See Claim 1 17(a) above. 

• Applicants disclose a file transfer 

A. A. 

program that can transfer and receive 
files via a network to and from other 
data processors, (p. 1 8, 11.25-26; 
FIG. 14). 


record retrieving means for retrieving a 
record that specifies a component 
assembly; 


• See Claim 1 17(b) above. 

• Applicants disclose a usage manager 
module that calls 1) a decryption 
module that decrypts and extracts 
control data from a data package and 
2) a control data parser module to 
extract data fields from usage 
elements (i.e., record retrieving 
means), (p. 19, 11.13-19; FIG. 14). 


checking means, coupled to said 
component retrieving means and said 
record retrieving means, for checking said 
component and/or said record for validity; 


• See Claim 1 17(c) above. 

• Applicants disclose decryption 
modules and security modules (i.e., 
checking means) that apply access 
control and verification using 
encryption/key methods such as RSA. 
(p. 17, 11.27-29; p.2 1,11.17-31; 

FIG. 14). 


using means, coupled to said checking 
means, for using said component to form 
said component assembly in accordance 
with said record; and 


• See Claim 1 17(d) above. 

• Applicants disclose a usage manager 
module that unpackages and enables 
data object usage, (p.19, 11.13-28; 
FIG. 14). 
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• 



performing means, coupled to said using 
means, for performing a process based at 
least in part on said component assembly. 



See Claim 1 1 7(e) above. 

Applicants disclose a user program 
(i.e., performing means) that controls 
the usage of a data object in 
accordance with the control data 
included in the data package together 
with the data object, (p.17, 11.15-16; 
FIG. 14). 
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134. A secure component-based operating 
system including: 


See Claims 117 and 133 above. 


a database manager that retrieves, from a 
secure database, at least one component 
and at least one record that specifies a 
component assembly; 


• See Claims 1 17(a) and 133 above. 

• Applicants disclose a memory that can 
store a received data package and a 
database intended for control data 

(p. 17, 11.9-12). 


an authenticating manager that checks said 
component and/or said record for validity; 


See Claims 117(c) and 133 above. 


a channel manager that uses said 
component to form said component 
assembly in accordance with said record; 
and 


See Claims 1 17(d) and 133 above. 


an execution manager that performs a ■ 
process based at least in part on said 
component assembly. 


See Claims 117(e) and 133 above. 
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See Claims 117 and 133-134 above. 


means for receiving a component; 


See Claims 1 17(a) and 133-134 above. 


means for receiving directions specifying 
use of said component to form a 
component assembly; 


See Claims 1 17(b) and 133 above. 


means, coupled to said receiving means, 
for authenticating said received component 
and/or said directions; 


See Claims 1 17(c) and 133-134 above. 


means, coupled to said authenticating 
means, for forming, using said component, 
said component assembly based at least in 
part on said received directions; and 


See Claims 1 17(d) and 133-134 above. 


means, coupled to said forming means, for 
using said component assembly to perform 
at least one operation. 


See Claims 1 17(e) and 133-134 above. 
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136. A secure component operating 
environment including: 


See Claims 117 and 133-135 above. 


a storage device that stores a component 
and directions specifying use of said 
component to form a component 
assembly: 


See Claims 117(a) and 133-135 above. 


an authenticating manager that 
authenticates said component and/or said 
directions; 


See Claims 117(c) and 133-135 above. 


a channel manager that forms, using said 
component, said component assembly 
based at least in part on said directions: 
and 


See Claims 117(d) and 133-135 above. 


a channel that executes said component 
assembly to perform at least one operation. 


See Claims 117(e) and 133-135 above. 
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137. A secure operating system 
environment comprising: 


See Claims 117 and 133-136 above. 


a storage device that stores code and 
directors specifying assembly of said 
code into an executable urogram: 


See Claims 117(a) and 133-136 above. 


a validating device that checks said 
received code and/or said assembly 
directors for validity; and 


See Claims 117(c) and 133-136 above. 


an event-driven channel that, in response 

J A. 

to occurrence of an event, assembles said 
code in accordance with said assembly 
directions to form an assembly for 
execution. 


See Claims 1 17(d), 1 19, and 133-136 
above. 
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138. A secure operating environment 
system for managing at least one resource 
comprising: 


• See Claim 120 above. 

• Applicants disclose a secure data 
processor. See Claim 1 19 above. 


a communications arrangement that 
securely receives a first control from a first 
entity external to said operating 
environment, and securely receives a 
second control from a second entity 
external to said operating environment, 
said second entity being different from 
said first entity; and 


• See Claims 120 and 131-137 above. 

• Applicants disclose network and 
telecommunications programs 
between authors and brokers and 
between buyers, sellers, and stock 
trading companies. 


a protected processing environment, 
coupled to said communications 
arrangement, that: 


• See Claims 120 and 131-137 above. 

• Applicants disclose secure data 
processors. 


(a) securely processes, using at least one 
resource, a data item associated with said 
first and second controls, and 


See Claims 120 and 131-137 above. 


(b) securely applies said first and second 
controls to manage said resource for use of 
said data item. 


See Claims 120 and 131-137 above. 
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139. A system for negotiating electronic 
contracts, comprising: 


See Claims 131-138 above. 


a storage arrangement that stores a first 
control set received from a remote site, 
and stores a second control set; 


See Claims 131-138 above. 


a protected processing environment, 
coupled to said storage arrangement, that: 


See Claims 131-138 above. 


(a) performs an electronic negotiation 
between said first control set and said 
second control set, 


See Claims 131-138 above. 


(b) provides interaction between said first 
and second control sets, and 


See Claims 131-138 above. 


(c) produces a negotiated control set 
resulting from said interaction between 
said first and second control sets. 


See Claims 131-138 above. 
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140. A method for supporting electronic 
commerce including: 


See Claims 130-132 above. 


creating a first secure control set at a first 
location; 


See Claims 130-132 above. 


creating a second secure control set at a 
second location; 


See Claims 130-132 above. 


securely communicating said first secure 
control set from said first location to said 
second location; and 


See Claims 130-132 above. 


electronically negotiating, at said second 
location, an electronic contract, including 
the step of securely executing at least a 
portion of said first and second secure 
control sets. 


See Claims 130-132 above. 
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141 An electronic appliance comprising* 


Applicants disclose an electronic 
appliance, (p.17, 11.1-12). 


a processor: and 


Applicants disclose a data processor with a 
CPU. (p. 17, 11.2-3). 


at least one memory device connected to 
said processor; 


Applicants disclose memory connected to 
a processor, (p. 17, 11.4-12; FIG. 13). 


wherein said processor includes: 




retrieving means for retrieving at least one 
component, and at least one record that 
specifies a component assembly, from said 
memory device. 


See Claims 1 17(b) and 133-137 above. 


checking means coupled to said retrieving 
means for checking said component and/or 
said record for validity, and 


See Claims 1 17(c) and 133-137 above. 


using means coupled to said retrieving 
means for using said component to form 
said component assembly in accordance 
with said record. 


See Claims 1 17(d) and 133-137 above. 
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142. An electronic appliance comprising: 


See Claim 141 above. 


at least one processor; 


See Claim 141 above. 


at least one memory device connected to 
said processor; and 


See Claim 141 above. 


at least one input/output connection 
coupled to said processor, 


Applicants disclose that a display, a 
keyboard, a printer, a sound system, a 
ROM, and a bulk storage device may be 
connected to a bus connected to the CPU. 
(p. 17, 11.1-12). 


wherein said processor at least in part 
executes a rights operating system to 
provide a secure operating environment 
within said electronic appliance. 


Applicants disclose a user program that 
controls the usage of a data object (i.e., a 
rights operating system). The user 
program is executed by the user's secure 
data processor, (p.17, 11.15-16; p.19, 11.5- 

7). 
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143. A method for auditing the use of at 
least one resource with a secure operating 
environment, said method comprising: 


Applicants disclose sending of audit-like 
information related to use of a resource. 


securely receiving a first control from a 
first entity external to said operating 
environment; 


See Claims 120 and 130-132 above. 


securely receiving a second control from a 
second entity external to said operating 
environment, said second entity being 
different from said first entity; 


See Claims 120 and 130-132 above. 


using at least one resource; 


See Claims 120 and 130-132 above. 
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• # 



securely sending to said first entity in 
accordance with said first control, first 
audit information concerning use of said 
resource; and 



• Applicants disclose that one level of 
security for a broker may be to require 
on-line confirmation when loading a 
data object to the user's data processor 
to permit the broker to check that the 
object has not already been loaded as 
well as to double check all other 
parameters (i.e., audit report). (p.23, 
1.29-p.24, 1.2). Furthermore, 
Applicants disclose that security 
modules could require a dial up to the 
brokers data processor to approve 
loading or usage actions and to 
implement approval authentication 
mechanisms, (p.25, 11.11-13). 



• Thus, it is at least inherent that audit 
information, like a usage request, 
could be sent to a broker/data object 
provider upon use of a data object. 

• Applicants disclose that a copy of a 
user set of control data is preferably 
stored in the broker's control database 
to provide a record with which to 
compare subsequent use, e.g., when a 
dial-up is required for usage. Thus, it 
is inherent that either control data is 
equivalent to audit information or that 
a broker/agent provides a two-way 
conduit for rights and audit data 
between content creators and content 
users. 
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securely sending to said second entity in 
accordance with said second control, 
second audit information concerning use 
of said resource, said second audit 
information being at least in part different 
from said first audit information. 



Applicants also disclose that the 
control data of both buy and sell order 
packages are updated to provide an 
audit trail after the transaction and 
transferred back to their authors (i.e., 
sending of audit information 
concerning use), (pp.26-27). 



Id See above. 
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144. A method for auditing the use of at 
least one resource with a secure operating 
environment, said method comprising: 


See Claims 120 and 143 above. 


securely receiving first and second control 
alternatives from an entity external to said 
operating environment; 


• Applicants disclose receiving buy and 
sell order controls, which may not 
match, at a stock trading company's 
data processor, (p.26) 


selecting one of said first and second 
control alternatives; 


• Applicants disclose either matching or 
not matching buy and sell order 
controls, which is eauivalent to 
selecting one of the control 
alternatives. 


using at least one resource; 


See Claim 143 above. 


if said first control alternative is selected 
by said selecting step, securely sending to 
said entity in accordance with said first 
control alternative, first audit information 
concerning use of said resource; and 


See Claims 120 and 143 above. 


if said second control alternative is 
selected by said selecting step, securely 
sending to said second entity in 
accordance with said second control 
alternative, second audit information 
concerning use of said resource, said 
second audit information being at least in 
part different from said first audit 
information. 


See Claims 120 and 143 above. 
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Pursuant to 37 C.F.R. §1. 604(a)(1), Applicants propose at this time that each of the 
claims being copied be deemed a count for the purposes of provoking an interference. 
However, we reserve the right to alter the counts if necessary. 

The present application was filed on May 27, 1999 as a continuation of U.S. Patent 
Application No. 09/164,606, filed on October 1, 1998, which in turn claimed priority to U.S. 
Patent Application No. 08/594,81 1, filed on January 31, 1996, now U.S. Patent No. 
5,845,281, which in turn claimed priority to Swedish Application No. 9500355-4, filed on 
February 1, 1995. The present application is based on substantially the same disclosure as 
U.S. Patent Application No. 08/594,81 1, now U.S. Patent No. 5,845,281, which contained 
substantially the same disclosure as in Swedish Application No. 9500355-4. Thus, added 
claims 1 1 1-144 are supported by the disclosure of Swedish Application No. 9500355-4 and 
are entitled to a priority date of February 1, 1995. 

The aforementioned added claims 1 1 1-1 16 are copied from U.S. Patent Application 
No. 09/948,806, Publication No. 2002/0048369, published on April 25, 2002 for Ginter et al. 
as a division of U.S. Patent Application No. 09/272,998, filed on March 19, 1999, which is a 
continuation of U.S. Patent Application No. 08/706,208, filed on August 30, 1996, now 
abandoned. Thus, because the present application has a priority date earlier than the priority 
date of Ginter Appl. '806, Applicants allege that based at least upon priority of invention, 
Applicants are entitled to a judgment relative to the inventors of Ginter Appl. 4 806. 

35 U.S.C. § 135(b)(2) does not bar this amendment because the amendment is being 
filed within twelve months of the publication date of the target patent application, April 25, 
2002. 

The aforementioned added claims 1 17-144 are copied from U.S. Patent Application 
No. 09/764,370, Publication No. 2002/01 12171, published on August 15, 2002 for Ginter et 
al. as a continuation of U.S. Patent Application No. 09/335,465, filed on June 17, 1999, now 
U.S. Patent No. 6,237,786, which is a continuation of U.S. Patent Application No. 
08/780,393, filed on January 8, 1997, now U.S. Patent No. 5,915,019, which is a division of 
U.S. Patent Application No. 08/388,107, filed on February 13, 1995, now abandoned. Thus, 
because the present application has a priority date earlier than the priority date of Ginter Appl. 
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'370, Applicants allege that based at least upon priority of invention, Applicants are entitled 
to a judgment relative to the inventors of Ginter Appl. '370. 

35 U.S.C. § 135(b)(2) does not bar this amendment because the amendment is being 
filed within twelve months of the publication date of the target patent application, August 15, 
2002. 



CONCLUSION 



Accordingly, Applicants respectfully request that an interference be declared between 
the present Applicants and the inventors of the aforementioned patent applications. If there . 
are any questions, please do not hesitate to call the undersigned at (949) 752-7040. 
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Respectfully submitted, 

David S. Park 
Attorney for Applicants 
Reg. No. 52,094 
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